fix: add configurable safe-outputs URL sanitization policy for code-region-safe suggestion handling

[Copilot]

Safe-output URL sanitization is now policy-driven at the safe-outputs frontmatter level, so workflows can choose between strict URL sanitization everywhere and preserving URLs inside code regions (including GitHub suggestion fences) to avoid patch corruption.

Changes

• New frontmatter field: safe-outputs.urls with supported values:
  • allowed-only (default): sanitize URLs across all content regions
  • allowed-or-code-region: sanitize prose while preserving fenced/inline code regions
• sanitize_content_core.cjs / sanitize_content.cjs:
  • Added policy-based URL sanitization flow
  • Wired policy via GH_AW_SAFE_OUTPUTS_URLS
  • Preserves suggestion/code-region payloads only when allowed-or-code-region is selected
• Compiler and schema updates:
  • Added safe-outputs.urls to workflow schema
  • Added parsing, validation, and env propagation in safe-outputs compilation
• Import/shared workflow support:
  • Added safe-outputs merge behavior so urls policy is preserved through imported/shared agentic workflows
• Tests:
  • Updated sanitizer regression tests for both policy modes
  • Added Go tests for policy validation, propagation, and import merge behavior

[Copilot]

Pull request overview

This PR fixes safe-output URL sanitization so it does not rewrite content inside fenced code blocks (including GitHub ```suggestion fences), preventing suggestion patch payload corruption while continuing to sanitize URLs in prose.

Changes:

• Apply sanitizeUrlProtocols and sanitizeUrlDomains via applyToNonCodeRegions so fenced/inline code is preserved verbatim.
• Add regression tests covering protocol and domain sanitization behavior for generic fenced blocks and suggestion blocks.
• Adjust a header comment in the setup CLI install script.

Show a summary per file

File	Description
actions/setup/js/sanitize_content_core.cjs	Routes URL protocol/domain sanitization through applyToNonCodeRegions to avoid rewriting fenced code content.
actions/setup/js/sanitize_content.test.cjs	Adds regression tests ensuring code fences (including suggestion) are preserved while prose is still sanitized.
actions/setup-cli/install.sh	Updates a sync note comment (currently becomes self-referential; see review comment).

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 3/3 changed files
• Comments generated: 1

[pelikhan]

@lpcox review please

[github-actions]

@copilot review all comments and address unresolved review feedback.

Generated by 👨‍🍳 PR Sous Chef · ◷

[github-actions]

Please fix the self-referential sync note in actions/setup-cli/install.sh and push a follow-up commit.

Generated by 👨‍🍳 PR Sous Chef · ◷

[github-actions]

@copilot review all comments and address unresolved review feedback.

Please summarize the remaining blockers and next steps so this branch can move forward.

Generated by 👨‍🍳 PR Sous Chef · ◷

[github-actions]

@copilot review all comments and address unresolved review feedback.
Please confirm the fenced-code preservation test covers suggestion blocks.

Generated by 👨‍🍳 PR Sous Chef · ◷

[github-actions]

\n@copilot review all comments and address unresolved review feedback.\n\npr-sous-chef: fix the self-referential install.sh comment and reply to the unresolved review comment.

Generated by 👨‍🍳 PR Sous Chef · ◷

[github-actions]

@copilot review all comments and address unresolved review feedback.

Generated by 👨‍🍳 PR Sous Chef · 71.6 AIC · ⌖ 1 AIC · ⊞ 17.2K · ◷

[github-actions]

`
@copilot review all comments and address unresolved review feedback.

Generated by 👨‍🍳 PR Sous Chef · 27.1 AIC · ⌖ 1.07 AIC · ⊞ 17.2K · ◷

[github-actions]

`
Please summarize the remaining blocker and rerun the affected checks once the review thread is addressed.

Generated by 👨‍🍳 PR Sous Chef · 27.1 AIC · ⌖ 1.07 AIC · ⊞ 17.2K · ◷

[pelikhan]

@copilot add a front matter field to define the URL escaping policy at the safe-outputs level

safe-outputs:
urls: allowed-only, allowed-or-code-region

Current mode is "allowed-only", new mode for code region is "allowed-or-code-region"

Must support import shared agentic workflows

[Copilot]

@copilot add a front matter field to define the URL escaping policy at the safe-outputs level

safe-outputs:...

Implemented in 33928f0 (plus follow-ups 521697f and 8ca74cb):

• Added safe-outputs.urls with supported values allowed-only and allowed-or-code-region
• Wired schema + frontmatter parsing + validation
• Propagated policy to runtime via GH_AW_SAFE_OUTPUTS_URLS
• Updated sanitizer behavior to honor policy
• Added import-merge support so shared/imported agentic workflows carry this setting
• Added regression tests for policy behavior

[pelikhan]

@copilot recompile

[Copilot]

@copilot recompile

Ran make recompile on this branch at 33928f0; it completed successfully and produced no diffs (working tree stayed clean).

[github-actions]

Generated by 👨‍🍳 PR Sous Chef · 42 AIC · ⌖ 1.36 AIC · ⊞ 17.2K · ◷

[github-actions]

``
@copilot review all comments and address unresolved review feedback.
Please re-run validation and reply with the updated result.

Generated by 👨‍🍳 PR Sous Chef · 42 AIC · ⌖ 1.36 AIC · ⊞ 17.2K · ◷